Analysis
max time kernel: 148s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 14/10/2024, 02:26
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample
https://online.tdaqs.com.au/web/autoform.html?script=WebForm&param=1&$f=R38e5t&$r=3B6ECBDA-2532-42BE-8D7C-8725FC58A76D
Resource
win10v2004-20241007-en
General
Target
https://online.tdaqs.com.au/web/autoform.html?script=WebForm&param=1&$f=R38e5t&$r=3B6ECBDA-2532-42BE-8D7C-8725FC58A76D
Malware Config
Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
description        ioc                                                                     Process
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid   Process
1208  msedge.exe
1208  msedge.exe
3880  msedge.exe
3880  msedge.exe
4872  identity_helper.exe
4872  identity_helper.exe
4904  msedge.exe
4904  msedge.exe
4904  msedge.exe
4904  msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
pid   Process
3880  msedge.exe
3880  msedge.exe
3880  msedge.exe
3880  msedge.exe
3880  msedge.exe
3880  msedge.exe
Suspicious use of FindShellTrayWindow 25 IoCs
Suspicious use of SendNotifyMessage 24 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://online.tdaqs.com.au/web/autoform.html?script=WebForm&param=1&$f=R38e5t&$r=3B6ECBDA-2532-42BE-8D7C-8725FC58A76D1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3880 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd71646f8,0x7ffcd7164708,0x7ffcd71647182⤵PID:4480
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,10712484832442516679,10650610826376992804,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:22⤵PID:1868
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,10712484832442516679,10650610826376992804,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:1208
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,10712484832442516679,10650610826376992804,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:82⤵PID:3280
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10712484832442516679,10650610826376992804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:12⤵PID:1640
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10712484832442516679,10650610826376992804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:12⤵PID:1496
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,10712484832442516679,10650610826376992804,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:82⤵PID:4348
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,10712484832442516679,10650610826376992804,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4872
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10712484832442516679,10650610826376992804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:12⤵PID:1872
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10712484832442516679,10650610826376992804,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:12⤵PID:1700
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10712484832442516679,10650610826376992804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:12⤵PID:800
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10712484832442516679,10650610826376992804,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:12⤵PID:2824
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,10712484832442516679,10650610826376992804,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:4904
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2072
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4440
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize 216B